
Protecting your Customer Credit Card Information

Five Ways to Protect Customer Credit Card Information

Organizations need to increase their awareness of this growing threat and the rather simple steps they can take to prepare themselves. Here are tips, identified by Rob Bertke, senior vice president of research & development, Sage Payment Solutions, for businesses of all sizes to keep in mind as they navigate through the economic climate and beyond.

1. Immediately deal with any breach

It’s critical to understand that even if all cautious, conservative steps are taken, and the best payment processing security is installed, a breach can still occur. If it does, you must have detailed credit card sales records to refer back to as a means of retracing your steps. This will help in determining when and where the breach took place and therefore mitigate the potential for additional losses. Furthermore, a proper assessment of the initial attack may ultimately provide a trail back to the source of the breach.

2. Maintain PCI compliance

Accepting credit or debit cards without being Payment Card Industry (PCI)-compliant is against card brand regulations, and compliance is also an absolute must in today’s economic climate. Make certain your payment processing software security is current and is PA-DSS (Payment Application Data Security Standard)-certified, and that your business receives its PCI-DSS (Payment Card Industry Data Security Standard) certification.

PCI certification provides a level of confidence and assurance that a processor has followed and passed a robust set of best practices for securing the information being processed when credit card payments are made. There’s no silver bullet here. You have a responsibility to protect your customers’ credit card information, just as you should be protecting all of your customer data.

The depth of the audit required will depend on your business volume and systems, but a full PCI audit will offer a scorecard across your business’ payments environment, including all connected back-office applications, allowing you to make critical changes before security holes are exposed by thieves.

3. Use end-to-end encryption for all sensitive data

End-to-end encryption (E2EE) essentially boils down to scrambling the data sent from one device to another. It starts with your payment capture devices and goes all the way to the transaction being authorized. E2EE technology prevents the card account data from being stolen electronically and lessens the cost and impact of becoming PCI-certified for your business.

A company’s mobile payment devices, credit card terminals, software applications, and online payment portals need built-in encryption functionality when transmitting customer information. Your company should select a payments provider that is technically savvy. Look for a partner that supports E2EE technology. You’ll need to balance cost versus product and service here. Using the low-cost provider could come at the expense of limited product functionality, potential security holes, and lower levels of customer service.

 

Melissa Clark: Melissa Clark is a personal finance reporter at Creditmergency. She has earned a master’s degree in business and economic reporting from New York University. Clark has a bachelor’s degree in journalism from Syracuse University and grew up in Miami, Fl.